cleantalk
Vulnerabilities and Security Researches

WP Chat App, CVE-2024-10533

CVE, Research URL

CVE-2024-10533

Home page URL

Security reports for WP Chat App

Application

WP Chat App

Published on
Nov 16, 2024
Research Description
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the filebird plugin.
Affected versions
Min -, max 3.6.9.
Status
vulnerable
Previous vulnerability researches
WP Chat App (CVE-2024-2837) , Jun 07, 2024
WP Chat App (CVE-2024-1761) , Jun 07, 2024
WP Chat App (CVE-2023-51370) , Jun 07, 2024
WP Chat App (CVE-2024-2513) , Jun 07, 2024
WP Chat App , Jul 24, 2024
New vulnerability
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025